I am the author of Wordle , one of the few surviving Java applets in the wild.
Recently, I have received user reports about warnings that my (signed) applet will soon be blocked by the JRE because it clearly did not indicate the βPermissionsβ attribute in its manifest. So now MANIFEST.MF correctly points
Permissions: sandbox
and the <applet> includes magic
<param name="permissions" value="sandbox" />
param as documented .
Now, people who have leaned back to install OS X JRE 7 can easily run Wordle, but people (like many IT school administrators) who are stuck on JRE 6 cannot start the applet at all; they receive
java.lang.SecurityException: JAR manifest requested to run in sandbox only: http://wordle.appspot.com/j/v1390/wordle.jar at com.sun.deploy.security.DeployManifestChecker.verify(DeployManifestChecker.java:106) at com.sun.deploy.security.DeployManifestChecker.verify(DeployManifestChecker.java:84) at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(TrustDecider.java:319) at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(TrustDecider.java:280) at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(TrustDecider.java:270) at sun.plugin2.applet.Plugin2Manager.isAppletSigned(Plugin2Manager.java:3289) at sun.plugin2.applet.Plugin2Manager.createApplet(Plugin2Manager.java:3207) at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Plugin2Manager.java:1536) at java.lang.Thread.run(Thread.java:695)`
The symptom assumes that the Java 6 plugin assumes that the signed applet should work in all-permissions mode and considers that the request for sandbox in the manifest is an error. In other words, it ignores the permissions parameter in the applet tag.
Does anyone know how to help my users besides installing the applet in all-permissions mode? I would rather stay in the sandbox because I don't want people to be afraid to use Wordle, and because I don't want to create an attack surface.
java manifest applet macos wordle
Jonathan feinberg
source share